Lucidchart Support
What is Lucidchart?
From official Lucidchart page:
Lucidchart is the intelligent diagramming application that brings teams together to make better decisions and build the future.
Parsing particularities
Lucidchart does not have an export format of its own. Instead, it lets users download their diagrams in several formats. One of them is VSDX, the Microsoft Visio format supported by StartLeft, so all the Visio documentation about mapping and parsing logic also applies to Lucidchart. There are, however, a couple of considerations worth knowing.
About the mappings:
- The structure of the mapping file is exactly the same as for Microsoft Visio files.
- The stencils differ between Microsoft Visio and Lucidchart, so you need to compose a separate mapping for each of them.
- The internal names of the Lucidchart stencil shapes do not match the names shown in the application. The mapping file provided in the StartLeft examples folder contains a list of the internal names of the AWS components.
- Lucidchart stencil libraries are versioned by year, but you do not need to account for this: when building the mapping file, omit the year suffix (2017, AWS19, AWS19_v2, or AWS2021).
About the parsing logic:
- Boundary TrustZones are not currently supported for Lucidchart.
- Dataflows are resolved from their position, which means that a connector does not need to touch its origin or target shape exactly: a certain tolerance is allowed.
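The position-based dataflow resolution described above, as an added illustration that is not StartLeft's own code: shape geometry is constructed, the ids follow the example OTM further down this page, and measuring the tolerance as the distance from a connector endpoint to a shape's bounding box is an assumption made for the example.

```python
# Constructed shape geometry: OTM component id -> bounding box (x, y, width, height)
# in diagram units. The ids follow the example OTM on this page.
SHAPES = {
    "9": (100, 100, 80, 60),   # My EC2
    "12": (300, 100, 80, 60),  # My CloudWatch
    "17": (100, 300, 80, 60),  # My API Gateway
}


def distance_to_box(point, box):
    """Euclidean distance from a point to a rectangle; 0 when the point is inside."""
    px, py = point
    x, y, w, h = box
    dx = max(x - px, 0, px - (x + w))
    dy = max(y - py, 0, py - (y + h))
    return (dx * dx + dy * dy) ** 0.5


def nearest_shape(point, shapes, tolerance):
    """Id of the closest shape within tolerance of the point, or None."""
    best_id, best_d = None, None
    for shape_id, box in shapes.items():
        d = distance_to_box(point, box)
        if d <= tolerance and (best_d is None or d < best_d):
            best_id, best_d = shape_id, d
    return best_id


def resolve_dataflow(flow_id, begin, end, shapes, tolerance=5.0):
    """Build an OTM dataflow from a connector's endpoints, or None if either end
    is not within tolerance of any shape. A dangling connector is dropped rather
    than guessed, so the model never gains a flow the diagram did not draw."""
    source = nearest_shape(begin, shapes, tolerance)
    destination = nearest_shape(end, shapes, tolerance)
    if source is None or destination is None:
        return None
    return {"id": flow_id, "source": source, "destination": destination}
```

A dropped connector is a missing dataflow in the threat model, so a parser that logs every None returned here gives reviewers the list of connectors to redraw.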
Catch All Configuration
This processor includes an exclusive feature that activates the mapping of every shape not covered by the components section of the mapper.
All unknown shapes are mapped to the type defined under the catch_all property.
Skip
This configuration defines a list of resources that will never be mapped.
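The mapping resolution described in this and the previous sections (year-suffix stripping, label and $regex lookup, catch_all and skip), as an added illustration that is not StartLeft's own code. The mapping subset is a constructed excerpt of the default mapping shown further down, the lookup order is assumed for the example, and the suffix stripping assumes the year suffix is appended to the internal name, which this page does not state.

```python
import re

# Constructed subset of the default-mapping.yaml on this page, embedded as Python so
# the example runs without a YAML parser. Each entry mirrors a "components" item:
# a label (string, list of strings, or {$regex: ...}) and the OTM type it maps to.
COMPONENTS = [
    {"label": "AmazonCloudWatch", "type": "cloudwatch"},
    {"label": ["AmazonS3", "AmazonS3bucket", "S3 bucket"], "type": "s3"},
    {"label": "SQLDatabaseAzure2021", "type": "CD-MICROSOFT-AZURE-SQL-DB"},
    {"label": {"$regex": r"^(AmazonEC2_?|EC2)[a-zA-Z]?[0-9]?[a-z]?(Instance|instance)s?$"},
     "type": "ec2"},
]
# Year suffixes the page says to ignore. Assumption (not stated on the page): they
# are appended to the stencil's internal name. Longest first so AWS19_v2 wins.
YEAR_SUFFIXES = ("AWS19_v2", "AWS19", "AWS2021", "2017")


def strip_year_suffix(internal_name):
    """Normalise an internal name so one mapping serves every library year."""
    for suffix in YEAR_SUFFIXES:
        if internal_name.endswith(suffix):
            return internal_name[: -len(suffix)]
    return internal_name


def resolve_type(internal_name, components, catch_all=None, skip=()):
    """OTM type for a shape, or None when it will not appear in the OTM.
    Order (assumed for illustration): skip, exact labels, $regex, catch_all."""
    name = strip_year_suffix(internal_name)
    if name in skip:
        return None
    for entry in components:
        label = entry["label"]
        if isinstance(label, dict):
            if re.match(label["$regex"], name):
                return entry["type"]
        elif name == label or (isinstance(label, list) and name in label):
            return entry["type"]
    return catch_all


def unmapped_shapes(internal_names, components, skip=()):
    """Shapes that silently vanish unless catch_all is set: review before trusting
    a threat model built from the diagram."""
    return [n for n in internal_names
            if strip_year_suffix(n) not in skip
            and resolve_type(n, components, skip=skip) is None]
```

Running unmapped_shapes over every shape name in a diagram before parsing tells you which components the OTM would be missing; setting catch_all keeps them visible as a generic type instead of dropping them.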
An example
In this example, we can see a Lucidchart diagram which includes different types of elements.
- Generic shapes like the Internet TrustZone or the Custom VPC.
- Generic stencil shapes like the Client and the Mobile client.
- AWS stencil shapes like the Amazon CloudWatch or the Amazon EC2.
- Azure stencil shapes like the SQLDatabaseAzure2021.
- Several dataflows among the shapes.
Notice also that all the components in the diagram are nested inside other elements. All of them belong to a TrustZone, and some are nested further: the Amazon EC2, for example, also sits inside the Custom VPC. This hierarchy is preserved in the resulting OTM, as it is for Microsoft Visio.
If we compose a default mapping file for all the stencil shapes:
default-mapping.yaml
trustzones:
  - default: true
    label: Internet (default)
    type: f0ba7722-39b6-4c81-8290-a30a248bb8d9
  - label: Public Cloud
    type: b61d6911-338d-46a8-9f39-8dcd24abfe91
  - label: Private Secured Cloud
    type: 2ab4effa-40b7-4cd2-ba81-8247d29a6f2d
  - label: [ AWSCloud, AWSCloudAlt, AWSCloudalt, AWSCloudContainer ]
    type: b61d6911-338d-46a8-9f39-8dcd24abfe91
components:
  - label: ACAzureAutomationBlock
    type: CD-MICROSOFT-AZURE-AUTOMATION
  - label: [ ACMcertificatemanager, AWSCertificateManager, CertificateManager ]
    type: CD-ACM
  - label: ACMediaServicesBlock
    type: CD-MICROSOFT-AZURE-MEDIA-SERVICES
  - label: AWSAmplify
    type: CD-AMPLIFY
  - label: AWSAppMesh
    type: CD-APP-MESH
  - label: [ AWSAppSync, AWSAppSync_red ]
    type: CD-APPSYNC
  - label: AWSApplicationDiscoveryService
    type: CD-APP-DISC-SERVICE
  - label: [ AWSArtifact, Artifact ]
    type: CD-ARTIFACT
  - label: AWSBackup
    type: CD-BACKUP
  - label: AWSBatch
    type: CD-BATCH
  - label: AWSCLI
    type: CD-CLI
  - label: AWSChatbot
    type: CD-CHATBOT
  - label: AWSClientVPN
    type: client-vpn
  - label: AWSCloud9
    type: CD-CLOUD9
  - label: AWSCloudAWS
    type: empty-component
  - label: AWSCloudFormation
    type: CD-CLOUDFORMATION
  - label: AWSCloudHSM
    type: CD-CLOUDHSM
  - label: AWSCloudMap
    type: CD-CLOUD-MAP
  - label: AWSCloudTrail
    type: cloudtrail
  - label: AWSCodeArtifact
    type: CD-AWS-CODEARTIFACT
  - label: AWSCodeBuild
    type: CD-CODEBUILD
  - label: AWSCodeCommit
    type: CD-CODECOMMIT
  - label: AWSCodeDeploy
    type: CD-CODEDEPLOY
  - label: AWSCodePipeline
    type: CD-CODEPIPELINE
  - label: AWSCodeStar
    type: CD-CODESTAR
  - label: AWSComputeOptimizer
    type: CD-COMP-OPT
  - label: AWSConfig
    type: CD-CONFIG
  - label: [ AWSContainersFargate, AWSFargate ]
    type: fargate
  - label: AWSControlTower
    type: CD-CONTROL-TOWER
  - label: AWSDMS
    type: CD-DMS
  - label: AWSDataExchange
    type: CD-DATA-EXCHANGE
  - label: AWSDataPipeline
    type: CD-DATA-PIPELINE
  - label: AWSDataSync
    type: CD-DATASYNC
  - label: AWSDeviceFarm
    type: CD-DEV-FARM
  - label: AWSDirectConnect
    type: direct-connect
  - label: [ AWSDirectoryService, DirectoryService ]
    type: CD-DIR-SERVICE
  - label: AWSElasticBeanstalk
    type: CD-ELASTIC-BEANSTALK
  - label: [ AWSFirewallManager, FirewallManager ]
    type: firewall-manager
  - label: AWSGeneral_GenericDatabase
    type: rds
  - label: [ AWSGeneral_User, AWSGeneral_Users ]
    type: empty-component
  - label: AWSGlobalAccelerator
    type: CD-GLOBAL-ACC
  - label: AWSGlue
    type: CD-GLUE
  - label: AWSGroundStation
    type: CD-GROUND-STATION
  - label: [ AWSIdentityandAccessManagement_IAM, IAM ]
    type: iam
  - label: AWSIoT1Click
    type: CD-IOT-1-CLICK
  - label: AWSIoTAWSGreengrass
    type: CD-IOT-GREENGRASS
  - label: AWSIoTCore
    type: CD-IOT-CORE
  - label: AWSIoTEvents
    type: CD-IOT-EVENTS
  - label: AWSIoTSiteWise
    type: CD-IOT-SITEWISE
  - label: AWSIoTThingsGraph
    type: CD-IOT-THINGS-GRAPH
  - label: [ AWSIoTlambdafunction, AWSLambda, AWSLambdaLambdaFunction, AWSLambda_LambdaFunction,
      IoT_LambdaFunction, LambdaLambdaFunction ]
    type: aws-lambda-function
  - label: AWSKMS
    type: kms
  - label: AWSLakeFormation
    type: CD-LAKE-FORMATION
  - label: AWSLicenseManager
    type: CD-LICENSE-MGR
  - label: AWSManagedServices
    type: CD-AWS-MS
  - label: AWSManagementConsole
    type: CD-AWS-MANAGEMENT-CONSOLE
  - label: AWSMarketplace
    type: CD-MARKETPLACE
  - label: AWSMigrationHub
    type: CD-MIGRATION-HUB
  - label: [ AWSNetworkFirewall, NetworkFirewall ]
    type: CD-AWS-NETWORK-FIREWALL
  - label: AWSOpsWorks
    type: CD-OPSWORKS
  - label: AWSOpsWorks_Instances
    type: ec2
  - label: AWSOrganizations
    type: CD-AWS-ORGANIZATIONS
  - label: AWSOutposts
    type: CD-OUTPOSTS
  - label: [ AWSPrivateLink, AmazonVPCPrivateLink ]
    type: privatelink
  - label: AWSRoboMaker
    type: CD-ROBOMAKER
  - label: [ AWSSecretsManager, SecretsManager ]
    type: CD-SECRETS-MANAGER
  - label: [ AWSSecurityHub, SecurityHub ]
    type: CD-SECURITY-HUB
  - label: AWSServerlessApplicationRepository
    type: CD-SERVERLESS-APP-REPO
  - label: AWSServiceCatalog
    type: CD-SERVICE-CATALOG
  - label: [ AWSShield, Shield ]
    type: CD-SHIELD
  - label: AWSSitetoSiteVPN
    type: site-to-site-vpn
  - label: [ AWSSnowball, AWSSnowball_green ]
    type: CD-SNOWBALL
  - label: [ AWSStepFunction, AWSStepFunctions ]
    type: step-functions
  - label: AWSStorageGateway
    type: CD-STORAGE-GATEWAY
  - label: AWSSystemsManager
    type: CD-SYSTEMS-MANAGER
  - label: AWSTransferFamily
    type: CD-TRANSFER-FML
  - label: AWSTransitGateway
    type: CD-AWS-TRANSIT-GW
  - label: AWSTrustedAdvisor
    type: trusted-advisor
  - label: [ AWSWAF, WAF ]
    type: CD-WAF
  - label: AWSWellArchitectedTool
    type: CD-WA-TOOL
  - label: AWSXRay
    type: CD-XRAY
  - label: AlexaForBusiness
    type: CD-ALEXA-FOR-BUSINESS
  - label: [ AmazonAPIGateway, AmazonAPIGateway_purple ]
    type: api-gateway
  - label: AmazonAthena
    type: athena
  - label: AmazonAurora
    type: CD-AURORA
  - label: AmazonChime
    type: CD-CHIME
  - label: AmazonCloudFront
    type: cf-cloudfront
  - label: AmazonCloudSearch
    type: CD-CLOUDSEARCH
  - label: AmazonCloudWatch
    type: cloudwatch
  - label: [ AmazonCognito, Cognito ]
    type: cognito
  - label: AmazonComprehend
    type: CD-COMPREHEND
  - label: AmazonConnect
    type: CD-CONNECT
  - label: [ AmazonContainersElasticContainerRegistry, AmazonEC2ContainerRegistry,
      AmazonECR, AmazonElasticContainerRegistry ]
    type: elastic-container-registry
  - label: [ AmazonContainersElasticContainerService, AmazonECS, AmazonECSECScontainer,
      AmazonECSECScontainerAlt1, AmazonECSECScontainerAlt2, AmazonElasticContainerService,
      AmazonElasticContainerService_Container1, AmazonElasticContainerService_Container2,
      AmazonElasticContainerService_Service ]
    type: elastic-container-service
  - label: AmazonDocumentDB
    type: CD-DOCUMENTDB
  - label: AmazonDynamoDB
    type: dynamodb
  - label: [ AmazonEBS, AmazonElasticBlockStoreEBS, ElasticBlockStore ]
    type: elastic-block-store
  - label: AmazonEC2
    type: ec2
  - label: [ AmazonEC2_M5Instance, AmazonEC2_R5Instance ]
    type: ec2
  - label: [ AmazonEFS, AmazonElasticFileSystem_EFS, EFS file system, EFS ]
    type: elastic-file-system
  - label: AmazonEMR
    type: CD-EMR
  - label: AmazonElastiCache
    type: elasticache
  - label: AmazonElasticCacheRedis
    type: CD-ELASTICACHE-FOR-REDIS
  - label: [ AmazonElasticContainerKubernetes, AmazonElasticContainerServiceforKubernetes ]
    type: elastic-container-kubernetes
  - label: AmazonElasticTranscoder
    type: CD-ELASTIC-TRANSCODER
  - label: AmazonElasticsearchService
    type: elasticsearch
  - label: AmazonEventBridge
    type: eventbridge
  - label: AmazonFSxforWindowsFileServer
    type: fsx-windows-file-server
  - label: [ AmazonForecast, Forecast ]
    type: CD-FORECAST
  - label: AmazonGameLift
    type: CD-GAMELIFT
  - label: AmazonGlacier
    type: glacier
  - label: [ AmazonGuardDuty, GuardDuty ]
    type: CD-GUARDDUTY
  - label: [ AmazonInspector, Inspector ]
    type: CD-INSPECTOR
  - label: [ AmazonKinesis, AmazonKinesisDataAnalytics ]
    type: kinesis-data-analytics
  - label: AmazonKinesisDataFirehose
    type: kinesis-data-firehose
  - label: AmazonKinesisDataStreams
    type: kinesis-data-streams
  - label: [ AmazonKinesisVideoStreams, AmazonKinesisVideoStreamsMedia, AmazonKinesisVideoStreams_orange ]
    type: kinesis-video-streams
  - label: [ AmazonLex, Lex ]
    type: CD-LEX
  - label: AmazonLightsail
    type: CD-LIGHTSAIL
  - label: AmazonMQ
    type: CD-MQ
  - label: [ AmazonMacie, Macie ]
    type: CD-MACIE
  - label: AmazonManagedBlockchain
    type: CD-MANAGEDBLOCKCHAIN
  - label: AmazonNeptune
    type: CD-NEPTUNE
  - label: [ AmazonPersonalize, Personalize ]
    type: CD-PERSONALIZE
  - label: [ AmazonPinpoint, AmazonPinpoint_red ]
    type: CD-PINPOINT
  - label: AmazonPolly
    type: CD-POLLY
  - label: AmazonQuickSight
    type: CD-QUICKSIGHT
  - label: [ AmazonRDS, AmazonRDSDBinstance, AmazonRDSinstancestandby, Database, Generic database, genericdatabase ]
    type: rds
  - label: [ AmazonRedshift, AmazonRedshift_blue ]
    type: redshift
  - label: [ AmazonRekognition, Rekognition ]
    type: CD-REKOGNITION
  - label: AmazonRoute53
    type: route-53
  - label: [ AmazonS3, AmazonS3bucket, AmazonS3bucketwithobjects, AmazonSimpleStorageServiceS3, AmazonSimpleStorageServiceS3_Bucket,
      AmazonSimpleStorageServiceS3_BucketwithObjects, S3 bucket, S3 bucket with objects,
      SimpleStorageService, Storage ]
    type: s3
  - label: [ AmazonSES, AmazonSimpleEmailServiceSES_Email ]
    type: CD-SES
  - label: [ AmazonSNS, AmazonSimpleNotificationService, AmazonSimpleNotificationServiceSNS ]
    type: sns
  - label: [ AmazonSQS, AmazonSQSqueue, AmazonSimpleQueueService, AmazonSimpleQueueServiceSQS,
      AmazonSimpleQueueServiceSQS_Queue, SQS queue ]
    type: sqs-simple-queue-service
  - label: AmazonSWF
    type: swf-simple-workflow-service
  - label: [ AmazonSageMaker, SageMaker ]
    type: CD-SAGEMAKER
  - label: AmazonTextract
    type: CD-TEXTRACT
  - label: AmazonTimestream
    type: CD-AWS-TIMESTREAM
  - label: [ AmazonTranscribe, Transcribe ]
    type: CD-TRANSCRIBE
  - label: AmazonTranslate
    type: CD-TRANSLATE
  - label: [ AmazonVPC, VirtualPrivateCloudContainer, VirtualPrivateCloudVPC, virtualprivatecloud ]
    type: vpc
  - label: [ AmazonVPC_Endpoints, AmazonVPCendpoints ]
    type: empty-component
  - label: AmazonWorkDocs
    type: CD-WORKDOCS
  - label: AmazonWorkMail
    type: CD-WORKMAIL
  - label: AmazonWorkSpaces
    type: CD-WORKSPACES
  - label: AvailabilityZone
    type: empty-component
  - label: AzureMediaServicesAzure2019
    type: CD-MICROSOFT-AZURE-MEDIA-SERVICES
  - label: [ Client, client ]
    type: generic-client
  - label: DataShareInvitationsAzure2021
    type: CD-MICROSOFT-AZURE-DATA-SHARE
  - label: DataSharesAzure2021
    type: CD-MICROSOFT-AZURE-DATA-SHARE
  - label: DatabaseBlock
    type: other-database
  - label: [ DefaultSquareBlock, FreehandBlock ]
    type: empty-component
  - label: [ Elastic Load Balancing Application Load Balancer, Elastic Load Balancing
      Classic Load Balancer, ElasticLoadBalancing, ElasticLoadBalancingApplicationLoadBalancer,
      ElasticLoadBalancingClassicLoadBalancer ]
    type: load-balancer
  - label: [ ElasticLoadBalancingELB, ElasticLoadBalancingELLoadBalancer, ElasticLoadBalancing_Applicationloadbalancer,
      ElasticLoadBalancing_Classicloadbalancer, ElasticLoadBalancing_Networkloadbalancer ]
    type: load-balancer
  - label: GenericGroup1
    type: empty-component
  - label: GenericGroup2
    type: empty-component
  - label: Kendra
    type: CD-KENDRA
  - label: PrivateSubnet
    type: empty-component
  - label: PublicSubnet
    type: empty-component
  - label: Region
    type: empty-component
  - label: SQLDatabaseAzure2021
    type: CD-MICROSOFT-AZURE-SQL-DB
  - label: SimpleEmailServiceEmail
    type: CD-SES
  - label: Translate
    type: CD-TRANSLATE
  - label: [ User, Users, user, users ]
    type: empty-component
  - label: VPC endpoints
    type: empty-component
  - label: VPCSubnet
    type: empty-component
  - label: VirtualprivatecloudVPC
    type: vpc
  - label: { $regex: "^(AmazonEC2_?|EC2)[a-zA-Z]?[0-9]?[a-z]?(Instance|instance)s?$" }
    type: ec2
Then, we can map the generic shapes by name in a custom mapping file:
custom-mapping.yaml
The expected result for this case should be an OTM like this:
lucidchart.otm
{
  "otmVersion": "0.1.0",
  "project": {
    "name": "Lucid Example",
    "id": "lucid-example"
  },
  "representations": [{
    "name": "Visio",
    "id": "Visio",
    "type": "diagram",
    "size": {
      "width": 1000,
      "height": 1000
    }
  }],
  "trustZones": [{
    "id": "b61d6911-338d-46a8-9f39-8dcd24abfe91",
    "name": "Public Cloud",
    "risk": {
      "trustRating": 10
    }
  }, {
    "id": "2ab4effa-40b7-4cd2-ba81-8247d29a6f2d",
    "name": "Private Secured Cloud",
    "risk": {
      "trustRating": 10
    }
  }, {
    "id": "f0ba7722-39b6-4c81-8290-a30a248bb8d9",
    "name": "Internet",
    "risk": {
      "trustRating": 10
    }
  }],
  "components": [{
    "id": "7",
    "name": "Custom VPC",
    "type": "empty-component",
    "parent": {
      "trustZone": "b61d6911-338d-46a8-9f39-8dcd24abfe91"
    }
  }, {
    "id": "9",
    "name": "My EC2",
    "type": "ec2",
    "parent": {
      "component": "7"
    }
  }, {
    "id": "12",
    "name": "My CloudWatch",
    "type": "cloudwatch",
    "parent": {
      "trustZone": "b61d6911-338d-46a8-9f39-8dcd24abfe91"
    }
  }, {
    "id": "17",
    "name": "My API Gateway",
    "type": "api-gateway",
    "parent": {
      "trustZone": "b61d6911-338d-46a8-9f39-8dcd24abfe91"
    }
  }, {
    "id": "26",
    "name": "My CloudTrail",
    "type": "cloudtrail",
    "parent": {
      "trustZone": "b61d6911-338d-46a8-9f39-8dcd24abfe91"
    }
  }, {
    "id": "29",
    "name": "My Simple Storage Service (S3)",
    "type": "s3",
    "parent": {
      "trustZone": "b61d6911-338d-46a8-9f39-8dcd24abfe91"
    }
  }, {
    "id": "38",
    "name": "Web browser",
    "type": "generic-client",
    "parent": {
      "trustZone": "f0ba7722-39b6-4c81-8290-a30a248bb8d9"
    }
  }, {
    "id": "44",
    "name": "Android",
    "type": "android-device-client",
    "parent": {
      "trustZone": "f0ba7722-39b6-4c81-8290-a30a248bb8d9"
    }
  }, {
    "id": "47",
    "name": "SQL Database",
    "type": "CD-MICROSOFT-AZURE-SQL-DB",
    "parent": {
      "trustZone": "2ab4effa-40b7-4cd2-ba81-8247d29a6f2d"
    }
  }, {
    "id": "53",
    "name": "My DynamoDB",
    "type": "dynamodb",
    "parent": {
      "trustZone": "2ab4effa-40b7-4cd2-ba81-8247d29a6f2d"
    }
  }],
  "dataflows": [{
    "id": "32",
    "name": "EC2 Logs",
    "source": "9",
    "destination": "12"
  }, {
    "id": "33",
    "name": "GW/EC2",
    "source": "17",
    "destination": "9"
  }, {
    "id": "34",
    "name": "Log trace",
    "source": "17",
    "destination": "26"
  }, {
    "id": "35",
    "name": "Customer data",
    "source": "17",
    "destination": "29"
  }, {
    "id": "43",
    "name": "f7ef1b0f-2a7a-4822-9aa8-59affc9bf309",
    "source": "38",
    "destination": "17"
  }, {
    "id": "46",
    "name": "114deaf6-bb2d-407a-a68a-1fccb3d56ed7",
    "source": "44",
    "destination": "17"
  }, {
    "id": "56",
    "name": "User data",
    "source": "17",
    "destination": "53"
  }, {
    "id": "57",
    "name": "App data",
    "source": "17",
    "destination": "47"
  }]
}
Imported into a tool like IriusRisk, it looks like this:
cURL
To try this example on your machine, first put the necessary files in place:
- Download the Lucidchart example above from here.
- Save the default mapping above with the name default-mapping.yaml.
- Save the custom mapping above with the name custom-mapping.yaml.
Finally, execute the following command to retrieve the OTM file:
curl --location --request POST localhost:5000/api/v1/startleft/diagram \
--header "Content-Type: multipart/form-data" \
--header "Accept: application/json" \
--form diag_type="LUCID" \
--form diag_file=@"./lucid-aws-with-tz-and-vpc.vsdx" \
--form default_mapping_file=@"./default-mapping.yaml" \
--form custom_mapping_file=@"./custom-mapping.yaml" \
--form id="my-lucidchart-example" \
--form name="My Lucidchart Example"
Command line usage
You can also use the Command Line option for this example, with the files downloaded in the previous section.
Make sure StartLeft is properly installed and execute the following command:
startleft parse \
--diagram-type LUCID \
--default-mapping-file ./default-mapping.yaml \
--custom-mapping-file ./custom-mapping.yaml \
--output-file my-lucidchart-cli-example.otm \
--project-name "My Lucidchart CLI Example" \
--project-id "my-lucidchart-cli-example" \
./lucid-aws-with-tz-and-vpc.vsdx